kernel: refine syscall_hook_manager

[5ec1cff]

• Don't unmark process when setuid if syscall tracepoint is in use
• Remark process when app profile updated
• Ensure zygote is marked on first boot

[Copilot]

Pull Request Overview

This PR refines the syscall hook manager to improve process marking logic when syscall tracepoints are shared with other kernel components (e.g., ftrace). The key improvements ensure that processes are not incorrectly unmarked when tracepoints are in use by other subsystems, and that processes are correctly remarked when app profiles are updated.

• Introduces conditional process unmarking during setuid operations based on tracepoint usage
• Adds process remarking when app profiles are updated to reflect permission changes
• Refactors process marking logic to handle shared tracepoint usage more intelligently

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
kernel/syscall_hook_manager.h	Updated function signature for ksu_mark_running_process and added new function declaration for conditional flag clearing
kernel/syscall_hook_manager.c	Implemented conditional clearing logic, refactored process marking to be lock-aware, improved tracepoint registration/unregistration handlers, and removed obsolete init tracker code
kernel/setuid_hook.c	Updated to use conditional flag clearing instead of unconditional clearing during setuid operations
kernel/ksud.c	Removed redundant ksu_unmark_all_process call before remarking processes on boot completion
kernel/allowlist.c	Added process remarking when app profiles are persisted to ensure running processes reflect updated permissions

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.